CVE-2022-26376
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
Se presenta una vulnerabilidad de corrupción de memoria en la funcionalidad httpd unescape de Asuswrt versiones anteriores a 3.0.0.4.386_48706 y Asuswrt-Merlin New Gen versiones anteriores a 386.7. Una petición HTTP especialmente diseñada puede conllevar a una corrupción de memoria. Un atacante puede enviar una petición de red para desencadenar esta vulnerabilidad
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-04-05 CVE Reserved
- 2022-08-05 CVE Published
- 2024-02-17 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2022-1511 | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Asus Search vendor "Asus" | Xt8 Firmware Search vendor "Asus" for product "Xt8 Firmware" | < 3.0.0.4.386_48706 Search vendor "Asus" for product "Xt8 Firmware" and version " < 3.0.0.4.386_48706" | - |
Affected
| in | Asus Search vendor "Asus" | Xt8 Search vendor "Asus" for product "Xt8" | - | - |
Safe
|
| Asus Search vendor "Asus" | Tuf-ax3000 V2 Firmware Search vendor "Asus" for product "Tuf-ax3000 V2 Firmware" | < 3.0.0.4.386_48750 Search vendor "Asus" for product "Tuf-ax3000 V2 Firmware" and version " < 3.0.0.4.386_48750" | - |
Affected
| in | Asus Search vendor "Asus" | Tuf-ax3000 V2 Search vendor "Asus" for product "Tuf-ax3000 V2" | - | - |
Safe
|
| Asus Search vendor "Asus" | Xd4 Firmware Search vendor "Asus" for product "Xd4 Firmware" | < 3.0.0.4.386_48790 Search vendor "Asus" for product "Xd4 Firmware" and version " < 3.0.0.4.386_48790" | - |
Affected
| in | Asus Search vendor "Asus" | Xd4 Search vendor "Asus" for product "Xd4" | - | - |
Safe
|
| Asus Search vendor "Asus" | Et12 Firmware Search vendor "Asus" for product "Et12 Firmware" | < 3.0.0.4.386_48823 Search vendor "Asus" for product "Et12 Firmware" and version " < 3.0.0.4.386_48823" | - |
Affected
| in | Asus Search vendor "Asus" | Et12 Search vendor "Asus" for product "Et12" | - | - |
Safe
|
| Asus Search vendor "Asus" | Gt-ax6000 Firmware Search vendor "Asus" for product "Gt-ax6000 Firmware" | < 3.0.0.4.386_48823 Search vendor "Asus" for product "Gt-ax6000 Firmware" and version " < 3.0.0.4.386_48823" | - |
Affected
| in | Asus Search vendor "Asus" | Gt-ax6000 Search vendor "Asus" for product "Gt-ax6000" | - | - |
Safe
|
| Asus Search vendor "Asus" | Xt12 Firmware Search vendor "Asus" for product "Xt12 Firmware" | < 3.0.0.4.386_48823 Search vendor "Asus" for product "Xt12 Firmware" and version " < 3.0.0.4.386_48823" | - |
Affected
| in | Asus Search vendor "Asus" | Xt12 Search vendor "Asus" for product "Xt12" | - | - |
Safe
|
| Asus Search vendor "Asus" | Rt-ax58u Firmware Search vendor "Asus" for product "Rt-ax58u Firmware" | < 3.0.0.4.386_48908 Search vendor "Asus" for product "Rt-ax58u Firmware" and version " < 3.0.0.4.386_48908" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ax58u Search vendor "Asus" for product "Rt-ax58u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Xt9 Firmware Search vendor "Asus" for product "Xt9 Firmware" | < 3.0.0.4.388_20027 Search vendor "Asus" for product "Xt9 Firmware" and version " < 3.0.0.4.388_20027" | - |
Affected
| in | Asus Search vendor "Asus" | Xt9 Search vendor "Asus" for product "Xt9" | - | - |
Safe
|
| Asus Search vendor "Asus" | Xd6 Firmware Search vendor "Asus" for product "Xd6 Firmware" | < 3.0.0.4.386_49356 Search vendor "Asus" for product "Xd6 Firmware" and version " < 3.0.0.4.386_49356" | - |
Affected
| in | Asus Search vendor "Asus" | Xd6 Search vendor "Asus" for product "Xd6" | - | - |
Safe
|
| Asus Search vendor "Asus" | Gt-ax11000 Pro Firmware Search vendor "Asus" for product "Gt-ax11000 Pro Firmware" | < 3.0.0.4.386_48996 Search vendor "Asus" for product "Gt-ax11000 Pro Firmware" and version " < 3.0.0.4.386_48996" | - |
Affected
| in | Asus Search vendor "Asus" | Gt-ax11000 Pro Search vendor "Asus" for product "Gt-ax11000 Pro" | - | - |
Safe
|
| Asus Search vendor "Asus" | Gt-axe16000 Firmware Search vendor "Asus" for product "Gt-axe16000 Firmware" | < 3.0.0.4.386_48786 Search vendor "Asus" for product "Gt-axe16000 Firmware" and version " < 3.0.0.4.386_48786" | - |
Affected
| in | Asus Search vendor "Asus" | Gt-axe16000 Search vendor "Asus" for product "Gt-axe16000" | - | - |
Safe
|
| Asus Search vendor "Asus" | Rt-ax86u Firmware Search vendor "Asus" for product "Rt-ax86u Firmware" | < 3.0.0.4.386_49447 Search vendor "Asus" for product "Rt-ax86u Firmware" and version " < 3.0.0.4.386_49447" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ax86u Search vendor "Asus" for product "Rt-ax86u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Rt-ax68u Firmware Search vendor "Asus" for product "Rt-ax68u Firmware" | < 3.0.0.4.386_49479 Search vendor "Asus" for product "Rt-ax68u Firmware" and version " < 3.0.0.4.386_49479" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ax68u Search vendor "Asus" for product "Rt-ax68u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Rt-ax82u Firmware Search vendor "Asus" for product "Rt-ax82u Firmware" | < 3.0.0.4.386_49380 Search vendor "Asus" for product "Rt-ax82u Firmware" and version " < 3.0.0.4.386_49380" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ax82u Search vendor "Asus" for product "Rt-ax82u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Rt-ax56u Firmware Search vendor "Asus" for product "Rt-ax56u Firmware" | < 3.0.0.4.386_49559 Search vendor "Asus" for product "Rt-ax56u Firmware" and version " < 3.0.0.4.386_49559" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ax56u Search vendor "Asus" for product "Rt-ax56u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Rt-ax55 Firmware Search vendor "Asus" for product "Rt-ax55 Firmware" | < 3.0.0.4.386_49559 Search vendor "Asus" for product "Rt-ax55 Firmware" and version " < 3.0.0.4.386_49559" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ax55 Search vendor "Asus" for product "Rt-ax55" | - | - |
Safe
|
| Asus Search vendor "Asus" | Gt-ax11000 Firmware Search vendor "Asus" for product "Gt-ax11000 Firmware" | < 3.0.0.4.386_49559 Search vendor "Asus" for product "Gt-ax11000 Firmware" and version " < 3.0.0.4.386_49559" | - |
Affected
| in | Asus Search vendor "Asus" | Gt-ax11000 Search vendor "Asus" for product "Gt-ax11000" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | < 3.0.0.4.386_48706 Search vendor "Asus" for product "Asuswrt" and version " < 3.0.0.4.386_48706" | - |
Affected
| ||||||
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | New Gen Search vendor "Asuswrt-merlin" for product "New Gen" | < 386.7 Search vendor "Asuswrt-merlin" for product "New Gen" and version " < 386.7" | - |
Affected
| ||||||